-
漏洞信息

漏洞名称:NAI Sniffer Agent错误登录服务拒绝漏洞

紧急程度:中危

漏洞类型:其他

发布日期:2001-01-09 00:00:00

更新日期:2005-10-20 00:00:00

攻击路径:远程

详细介绍:

NAI Sniffer Agent存在漏洞。远程攻击者可以通过发送大量登录请求导致服务拒绝（崩溃）。

-
公告与补丁

Currently the SecurityFocus staff are not ware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

-
漏洞信息

漏洞作者:
This vulnerability was first announced by Kevin Start <kevin_start@hushmail.com> on November 2, 2000.

-
受影响的程序版本

Network Associates Sniffer Agent 3.0.10
+
Microsoft Windows NT 4.0

-
漏洞讨论

NAI Sniffer Agent is part of the NAI Sniffer network monitoring package. A vulnerability exists in the agent that can allow a malicious user to crash a system running the agent.

The Sniffer Agent is access controlled, and requires a login for a user to attain remote access. It is reported that the Sniffer Agent does not reliably handle false login requests, and when faced with a large amount of false authentication requests, causes host system instability. This flaw makes it possible for a malicious user to crash a host running the agent by flooding it with false login requests, resulting in a Denial of Service.

-
漏洞利用

Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com

-
解决方案

Currently the SecurityFocus staff are not ware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.